CISA, FBI issue secure by design alert on software vulnerability in response to MOVEit exploit

The Cybersecurity and Infrastructure Security Agency has released a joint alert on software security with the FBI, detailing how manufacturers can prevent a “persistent” defect that was exploited in a 2023 attack campaign on the MOVEit file transfer service.

“SQL injection—or SQLi—vulnerabilities remain a persistent class of defect in commercial software products. Despite widespread knowledge and documentation of SQLi vulnerabilities over the past two decades, along with the availability of effective mitigations, software manufacturers have continued to develop products with...